Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-36162 Unspecified vulnerability in Apache Dubbo
Apache Dubbo supports various rules to support configuration override or traffic routing (called routing in Dubbo).
network
low complexity
apache
8.8
2021-09-02 CVE-2020-13929 Unspecified vulnerability in Apache Zeppelin
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user.
network
low complexity
apache
7.5
2021-08-30 CVE-2021-25958 Information Exposure Through an Error Message vulnerability in Apache Ofbiz
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon.
network
low complexity
apache CWE-209
7.5
2021-08-23 CVE-2021-35940 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613).
local
low complexity
apache oracle CWE-125
7.1
2021-08-18 CVE-2021-33580 Resource Exhaustion vulnerability in Apache Roller
User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression.
network
low complexity
apache CWE-400
7.5
2021-08-16 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
network
low complexity
apache fedoraproject tenable oracle
7.5
2021-08-10 CVE-2021-21501 Path Traversal vulnerability in Apache Servicecomb
Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0.
network
low complexity
apache CWE-22
7.5
2021-07-26 CVE-2021-33900 Cleartext Transmission of Sensitive Information vulnerability in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used.
network
low complexity
apache CWE-319
7.5
2021-07-22 CVE-2021-28131 Information Exposure Through Log Files vulnerability in Apache Impala
Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user.
network
high complexity
apache CWE-532
7.5
2021-07-13 CVE-2021-35515 Infinite Loop vulnerability in multiple products
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
network
low complexity
apache netapp oracle CWE-835
7.5